<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:arial, helvetica, sans-serif;font-size:10pt"><div><font class="Apple-style-span" face="'times new roman', 'new york', times, serif" size="4"><span class="Apple-style-span" style="font-size: 16px;"><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="3"><span class="Apple-style-span" style="font-size: 13px;"><br></span></font></span></font></div><div style="font-family:arial, helvetica, sans-serif;font-size:10pt"><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div style="font-family:arial, helvetica, sans-serif;font-size:10pt;">Hello Everyone: <div><br></div><div>Need your thoughts on the question below: </div><div><br></div><div>1. Which of the following is a weakness of both statistical anomaly detection and pattern matching? </div><div><br></div><div>A. Lack of learning
model</div><div>B. Inability to run in real time</div><div>C. Requirement to monitor every event</div><div>D. Lack of ability to scale</div><div><br></div><div>I think the answer is C but the author says it's A. </div><div><br></div><div>My reasoning - Statistical IDS creates a profile of “normal” and compares activities to this profile. For that, it's put in learning mode and if an attack was happening during "learning" mode, it may go undetected in the production environment as well. </div><div><br></div><div>Pattern matching
depends on signatures so may not be able to pick up "zero day" attacks. </div><div><br></div><div><br></div><div>Thoughts pls?</div><div><br></div><div>cheers, SB</div><div><br></div></div><br>
</div></div><div style="position:fixed"></div>
<!-- cg2.c50.mail.in.yahoo.com compressed/chunked Tue Jan 12 23:52:43 PST 2010 -->
</div><br>
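<div>Added example, not part of the original post: the two behaviours described in the message above, shown from the defender's side as a profile learned in "learning" mode that absorbs an attack already in progress, and a signature matcher that only alerts on patterns it already knows. The mean-plus-three-standard-deviations threshold, the per-minute failed-login counts, the signatures and the request lines are all constructed assumptions for illustration.</div>

```python
import re
import statistics

# Constructed sample data: failed logins per minute reported by one sensor.
CLEAN_BASELINE = [2, 3, 1, 4, 2, 3, 2, 1, 3, 2]
# Same learning window, but a password-guessing burst was already under way.
TAINTED_BASELINE = [2, 3, 1, 4, 2, 60, 55, 58, 3, 2]

# Constructed signature set for the pattern-matching side.
SIGNATURES = [re.compile(r"\.\./"), re.compile(r"(?i)union\s+select")]


def build_profile(training_counts, k=3.0):
    """Learning mode: 'normal' is anything up to mean + k standard deviations."""
    mean = statistics.mean(training_counts)
    return mean + k * statistics.pstdev(training_counts)


def is_anomalous(count, threshold):
    """Production mode: flag a minute whose count exceeds the learned profile."""
    return count > threshold


def matches_signature(request_line):
    """Pattern matching: alert only if a known signature is present."""
    return any(sig.search(request_line) for sig in SIGNATURES)


def run_demo():
    burst = 55  # constructed production reading during a guessing burst
    known = "GET /download?file=../../etc/passwd HTTP/1.1"
    unseen = "GET /app?action=TECHNIQUE-WITH-NO-SIGNATURE HTTP/1.1"  # placeholder
    return {
        "clean_profile_flags_burst": is_anomalous(burst, build_profile(CLEAN_BASELINE)),
        "tainted_profile_flags_burst": is_anomalous(burst, build_profile(TAINTED_BASELINE)),
        "signature_flags_known": matches_signature(known),
        "signature_flags_unseen": matches_signature(unseen),
    }


if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check}: {result}")
```

<div>A practical check that follows from this: review the learning-window data for outliers before promoting a profile to production, and treat signature coverage as a list of known patterns rather than a list of all attacks.</div>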
</body></html>